LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Announcements page

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Secure Coding in C and C++

[Posted September 27, 2005 by ris]

From:  eric.garulay-AT-pearsoned.com
To:  lwn-AT-lwn.net
Subject:  Secure Coding in C and C++
Date:  Mon, 26 Sep 2005 17:41:12 EDT

NEW BOOK ANNOUNCEMENT:

Secure Coding in C and C++
By Robert Seacord

Attached is a sample chapter, which you may excerpt on your site,
called : Integer Security.

www.awprofessional.com/title/0321335724
Here is a link to the detailed description page with TOC, Preface, and Index.

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them 

Commonly exploited software vulnerabilities are usually caused by avoidable
software defects. Having analyzed nearly 18,000 vulnerability reports over
the past ten years, the CERT/Coordination Center (CERT/CC) has determined
that a relatively small number of root causes account for most of them. This
book identifies and explains these causes and shows the steps that can be
taken to prevent exploitation. Moreover, this book encourages programmers to
adopt security best practices and develop a security mindset that can help
protect software from tomorrow's attacks, not just today's.

Drawing on the CERT/CC's reports and conclusions, Robert Seacord
systematically identifies the program errors most likely to lead to security
breaches, shows how they can be exploited, reviews the potential
consequences, and presents secure alternatives.

Coverage includes technical detail on how to:

 Improve the overall security of any C/C++ application 
 Thwart buffer overflows and stack-smashing attacks that exploit insecure
string manipulation logic 
 Avoid vulnerabilities and security flaws resulting from the incorrect use of
dynamic memory management functions 
 Eliminate integer-related problems: integer overflows, sign errors, and
truncation errors 
 Correctly use formatted output functions without introducing format-string
vulnerabilities 
 Avoid I/O vulnerabilities, including race conditions 

Secure Coding in C and C++ presents hundreds of examples of secure code,
insecure code, and exploits, implemented for Windows and Linux. If you're
responsible for creating secure C or C++ software--or for keeping it safe--no
other book offers you this much detailed, expert assistance.

I look forward to speaking with you about excerpts, reviews and author
interview opportunities.  Please feel free to contact me as necessary.

Cheers,
EG
(Log in to post comments)

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.